Scott's Weblog

The weblog of an IT pro focusing on cloud computing, Kubernetes, Linux, containers, and networking

Technology Short Take 92

Welcome to Technology Short Take 92, the first Technology Short Take of 2018. This one was supposed to be the last Tech Short Take of 2017, but I didn’t get it published in time (I decided to spend time with my family instead—some things are just more important). In any case, hopefully the delay of one additional week hasn’t caused any undue stress—let’s jump right in!

Networking

Via Ivan Pepelnjak, I found this article by Diane Patton at Cumulus Networks talking about container network designs. The article is a bit heavy on pushing the Host Pack (a Cumulus thing), but otherwise provides a good overview of several different possible container network designs, along with some of the criteria that might lead to each design.

This post is a bit older, but covers a challenge faced by cloud-native darling Netflix—how does one, exactly, identify which application used which IP address at a given point in time? When you’re operating at the scale at which Netflix operates, this is no trivial feat.

Servers/Hardware

Security

The CPU architecture flaw involving speculative execution has been garnering a great deal of attention (see here, here, here, and here). Also, here’s Google Project Zero’s write-up (along with a support FAQ from Google on mitigation). There’s lots more coverage, obviously, but this should be enough to get you started.

Cloud Computing/Cloud Management

Kevin Carter has a detailed write-up on efforts around leveraging systemd-nspawn for deploying OpenStack via OpenStack Ansible. systemd-nspawn is an interesting technology I’ve been watching since early this year, and it will be cool (in my opinion) to see a project using it in this fashion.

The vSphere provider for Terraform (did you know there was one?) recently hit 1.0, and HashiCorp has a blog post (re-)introducing the provider. I thought I also saw a VMware blog post on the provider as well, but couldn’t find any link (guess I was mistaken).

Oh, and speaking of Terraform: check out this post on the release of Terraform 0.11.

Jorge Salamero Sanz (on behalf of Sysdig) provides a similar comparison, this time looking at ECS, Fargate, and EKS. Jorge’s explanation of Fargate as “managed ECS/EKS instances” is probably the most useful explanation of Fargate I’ve seen so far.

Running distributed systems such as etcd, Kubernetes, Linkerd, etc., to support applications means making a conscious decision to embrace a certain level of complexity in exchange for the benefits these systems offer. Read this post-mortem on an outage to gain a better idea of some of the challenges this additional complexity might present when it comes to troubleshooting.

Operating Systems/Applications

I came across this mention of Mitogen, a project whose goal—as described by the creator—is to “make it childsplay [sic] to run Python code on remote machines”.

From the “interesting-but-not-practically-useful” department, Nick Janetakis shows how to use Docker to run a PDP-11 simulator. The magic here, in my opinion, is in the simulator (not in Docker), but it’s still an interesting look at how one might use Docker.

Also from Nick, here’s an attempt to answer the question, “Do I learn Docker Swarm or Kubernetes?”

I debated on adding this link because I wasn’t sure how useful it might be to readers, but decided to include it anyway. Apache Guacamole describes itself as “a clientless remote desktop gateway” supporting standard protocols like SSH, VNC, and RDP.